Report unveils platform data and trends from targeted intrusion activity and attack techniques from both nation-state adversaries and cyber criminals

CrowdStrike® Inc./zigman2/quotes/212513426/compositeCRWD-2.14%
, a leader in cloud-delivered endpoint protection, today announced the release of the 2020 CrowdStrike Global Threat Report
. Findings from the report indicate that during 2019, financially motivated cybercrime activity occurred on a nearly continuous basis. CrowdStrike observed an increase in incidents of ransomware, maturation of the tactics used, and increasing ransom demands from eCrime actors. Increasingly these actors have begun conducting data exfiltration, enabling the weaponization of sensitive data through threats of leaking embarrassing or proprietary information.

Moving beyond eCrime, nation-state adversaries continued unabated throughout 2019, targeting a wide range of industries. Another key trend in this year’s report is the telecommunications industry being targeted with increased frequency by threat actors, such as China and DPRK. CrowdStrike Intelligence assesses that various nations, particularly China, have interest in targeting this sector to steal intellectual property and competitive intelligence.

Combatting threats from sophisticated nation-state and eCrime adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility. CrowdStrike recommends organizations to pursue the “ 1-10-60 rule
” in order to effectively thwart cyberthreats. 1-10-60 guidelines are the following: detect intrusions in under one minute; investigate in 10 minutes; contain and eliminate the adversary in 60 minutes. Organizations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, ultimately minimizing organizational impact.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands. As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” said Adam Meyers, vice president of Intelligence at CrowdStrike.

China continues to focus many operations on supply chain compromises, demonstrating the nation-state’s continued use of this tactic to identify and infect multiple victims. Other targeting of key U.S. industries deemed vital to China’s strategic interests — including clean energy, healthcare, biotechnology, and pharmaceuticals — is also likely to continue.

The industries at the top of the target list for enterprise ransomware (Big Game Hunting) observed were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.

In addition to supporting currency generation, DPRK’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. In addition, CrowdStrike Intelligence suspects that DPRK has also been developing its own cryptocurrency to further circumvent sanctions.

“This year’s report indicates a massive increase in eCrime behavior can easily disrupt business operations, with criminals employing tactics to leave organizations inoperable for large periods of time. It’s imperative that modern organizations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks,” said Jennifer Ayers, vice president of OverWatch at CrowdStrike. “CrowdStrike’s comprehensive technology, coupled with our visibility into actor motivations and proactive hunting, protects our customers with the critical components needed to stop modern attacks.”

For additional information, read a blog on report findings
from George Kurtz, CrowdStrike’s co-founder and chief executive officer.

Download the
.

About CrowdStrike

CrowdStrike
® Inc. /zigman2/quotes/212513426/compositeCRWD-2.14%
, a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over 3 trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

Intraday Data provided by FACTSET and subject to terms of use. Historical and current end-of-day data provided by FACTSET. All quotes are in local exchange time. Real-time last sale data for U.S. stock quotes reflect trades reported through Nasdaq only. Intraday data delayed at least 15 minutes or per exchange requirements.